IDG News Service - Companies with compromised data have a duty to report that information to investigators to keep others from being victimized, the director of the U.S. Secret Service said yesterday.
The Secret Service, which has jurisdiction to investigate financial crimes as well as protect the U.S. president, is working hard to prevent Internet-related crimes such as identity theft, but it needs assistance from private companies, said Secret Service Director Ralph Basham, who spoke at an event on organized cybercrime in Washington. The event was sponsored by the Business Software Alliance and the Center for Strategic & International Studies (CSIS).
"Information is the world's new currency; information has value," Basham said. "Information discloses our vulnerabilities and systemic weaknesses, and therefore ... compromises of information must be aggressively investigated."
Compromises that affect just one company are increasingly rare in a world connected by the Internet, he said. "The days when a single institution guards the system intrusion as a secret are no longer acceptable," Basham said. "An intrusion for one represents a collective threat for us all."
Still, the sharing of information between law enforcement agencies and private industry needs significant improvement, said a group of IT security experts at a panel discussion after Basham's remarks. Technology that could help reduce cybercrime does exist, but law enforcement agencies conducting investigations often don't immediately share information about new threats, said Albert Sisto, president and CEO of Phoenix Technologies Ltd., a security software vendor in Milpitas, Calif.
Federal law enforcement agencies are trying to share more information, but it's often difficult to disclose information without compromising an active investigation, said Kimberly Peretti, a lawyer in the Computer Crime and Intellectual Property Division at the U.S Department of Justice.
The Secret Service is working on ways to distribute information faster, said Brian Nagel, assistant director for investigations at the Secret Service.
Most panelists agreed that technology can help fight organized cybercrime, but they also called for other changes, including better international cooperation among law enforcement agencies and more tools and training for law enforcement agents. Cybercrime cases cost more to investigate than traditional crime, Nagel said.
A combination of technology, law enforcement resources and laws are needed to combat cybercrime, said Bill Conner, CEO and chairman of Entrust Inc., a security vendor in Addison, Texas.
But a number of federal laws passed in recent years haven't done as much to raise awareness about data security as one California bill requiring companies with data breaches to notify victims that became law in 2003, he said. Other states are
Free Insider GuideCopyright © 1994 - 2012 Computerworld Inc. All rights reserved. Reproduction in whole or in part in any form or medium without express written permission of Computerworld Inc. is prohibited. Computerworld and Computerworld.com and the respective logos are trademarks of International Data Group Inc.
